opexxx

CCSK cloud

Oct 5th, 2016
CCSK
COURSE

1: Architecture
- NIST Definitions
- Essential Characteristics
- Service Models
- Deployment Models
- Multi-Tenancy
- CSA Cloud Reference Model
- Jericho Cloud Cube Model
- Cloud Security Reference Model
- Cloud Service Brokers
- Service Level Agreements

2: Governance and Enterprise Risk Management
- Contractual Security Requirements
- Enterprise and Information Risk Management
- Third Party Management Recommendations
- Supply chain examination
- Use of Cost Savings for Cloud

3: Legal Issues: Contracts and Electronic Discovery
- Consideration of cloud-related issues in three dimensions
- eDiscovery considerations
- Jurisdictions and data locations
- Liability for activities of subcontractors
- Due diligence responsibility
- Federal Rules of Civil Procedure and electronically stored information
- Metadata
- Litigation hold

4: Compliance and Audit Management
- Definition of Compliance
- Right to audit
- Compliance impact on cloud contracts
- Audit scope and compliance scope
- Compliance analysis requirements
- Auditor requirements

5: Information Management and Data Security
- Six phases of the Data Security Lifecycle and their key elements
- Volume storage
- Object storage
- Logical vs physical locations of data
- Three valid options for protecting data
- Data Loss Prevention
- Detection Data Migration to the Cloud
- Encryption in IaaS, PaaS & SaaS
- Database Activity Monitoring and File Activity Monitoring
- Data Backup
- Data Dispersion
- Data Fragmentation

6: Interoperability and Portability
- Definitions of Portability and Interoperability
- Virtualization impacts on Portability and Interoperability
- SAML and WS-Security
- Size of Data Sets
- Lock-In considerations by IaaS, PaaS & SaaS delivery models
- Mitigating hardware compatibility issues

7: Traditional Security, Business Continuity, and Disaster Recovery
- Four D’s of perimeter security
- Cloud backup and disaster recovery services
- Customer due diligence related to BCM/DR
- Business Continuity Management/Disaster Recovery due diligence
- Restoration Plan
- Physical location of cloud provider

8: Data Center Operations
- Relation to Cloud Controls Matrix
- Queries run by data center operators
- Technical aspects of a Provider’s data center operations for customers
- Logging and report generation in multi-site clouds

9: Incident Response
- Factor allowing for more efficient and effective containment and recovery in a cloud
- Main data source for detection and analysis of an incident
- Investigating and containing an incident in an Infrastructure as a Service environment
- Reducing the occurrence of application level incidents
- How often should incident response testing occur
- Offline analysis of potential incidents

10: Application Security
- Identity, entitlement, and access management (IdEA)
- SDLC impact and implications
- Differences in S-P-I models
- Consideration when performing a remote vulnerability test of a cloud-based application
- Categories of security monitoring for applications
- Entitlement matrix

11: Encryption and Key Management
- Adequate encryption protection of data in the cloud
- Key management best practices, location of keys, keys per user
- Relationship to tokenization, masking, anonymization and cloud database controls

12: Identity, Entitlement, and Access Management
- Relationship between identities and attributes
- Identity Federation
- Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
- SAML and WS-Federation
- Provisioning and authoritative sources

13: Virtualization
- Security concerns for hypervisor architecture
- VM guest hardening, blind spots, VM Sprawl, data comingling, instant-on gaps
- In-Motion VM characteristics that can create a serious complexity for audits
- How can virtual machine communications bypass network security controls
- VM attack surfaces
- Compartmentalization of VMs

14: Security as a Service
- 10 categories
- Barriers to developing full confidence in security as a service (SECaaS)
- Deployment of Security as a Service in a regulated industry prior SLA
- Logging and reporting implications
- How can web security as a service be deployed
- What measures do Security as a Service providers take to earn the trust of their customers
- ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
- Isolation failure
- Economic Denial of Service
- Licensing Risks
- VM hopping
- Five key legal issues common across all scenarios
- Top security risks in ENISA research
- OVF
- Underlying vulnerability in Loss of Governance
- User provisioning vulnerability
- Risk concerns of a cloud provider being acquired
- Security benefits of cloud